Application Security Engineer

Strategy•Tysons Corner, VA

1d•Onsite

About The Position

Strategy (Nasdaq: MSTR) is a market leader in enterprise analytics and AI software, pioneering the BI and analytics space. The company is also leading a shift in digital assets, adopting bitcoin as its primary treasury reserve asset since 2020, building a fortress balance sheet and solidifying its position as an innovative force. Strategy fosters a culture of curiosity, innovation, and excellence, guided by values: bold, agile, engaged, impactful, and united. Employees are crucial to the mission of pushing boundaries in analytics and redefining financial investment. Join Strategy’s IT Security group as an Application Security Engineer to safeguard Strategy’s software applications using modern security and AI tooling. This role involves integrating security practices throughout the software development lifecycle to ensure software products are resilient against vulnerabilities.

Requirements

Bachelor's degree in Computer Science, Engineering, or related field
Minimum 2 years of software development or software security experience in an agile environment
Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP).
Fluent in one or more programming languages, such as Python, Java, JavaScript
Strong knowledge of secure coding principles and application security frameworks
Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners)
Understanding of security standards and regulations (e.g., OWASP, NIST)
Hands-on experience with Generative AI and/or ML in creating innovative applications that enhance productivity and efficiency, coupled with a strong eagerness to learn
Experience with cloud security best practices in AWS, Azure, or GCP.
Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues
Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders
Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills

Responsibilities

Work closely with development teams to integrate security into the SDLC, including threat modeling, secure code reviews, and security testing.
Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.
Conduct manual and automated penetration testing of web, mobile, and cloud applications to detect security flaws.
Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.
Perform threat modeling to anticipate potential attack vectors and improve security architecture.
Support and enhance DevSecOps initiatives by integrating security automation within CI/CD pipelines.
Assist in investigating security incidents related to applications and work with engineering teams to remediate threats.
Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume